InfoBytes Blog

California Attorney General settles with food delivery company for allegedly violating two state privacy acts

On February 21, the California State Attorney General Office announced its complaint against a food delivery company for allegedly violating the California Consumer Privacy Act of 2018 (CCPA) and the California Online Privacy Protection Act of 2003 (CalOPPA) for failing to provide consumers notice or an opportunity to opt-out of the sale.

The CCPA requires businesses that sell personal information to make specific disclosures and give consumers the right to opt out of the sale. Under the CCPA, a company must disclose a privacy policy and post an “easy-to-find ‘Do Not Sell My Personal Information’ link.” The California AG alleged that the company provided neither notice. The AG also alleged that the company violated CalOPPA by not making required privacy policy disclosures. The company’s existing disclosures indicated that the company could only use customer data to present someone with advertisements, but not give that information to other businesses to use.

The proposed stipulated judgment, if approved by a court, will require the company to pay a $375,000 civil money penalty, and to (i) comply with CCPA and CalOPPA requirements; (ii) review contracts with vendors to evaluate how the company is sharing personal information; and (iii) provide annual reports to the AG on potential sales or sharing personal information.

Privacy, Cyber Risk & Data Security California State Attorney General CCPA CalOPPA Enforcement Data